Introduction Keymarble is a trojan malware that has recently been seen in the wild. US CERT released initial information about this malware late last week which can be accessed here - https://www.us-cert.gov/ncas/analysis-reports/AR18-221A In this article, we analyse the malware and try to understand the execution flow. We also look at some useful network IOC that can be extracted from the malware. Some of these have been documented in the release that has been linked above. We'll look at some other IOC that have not yet been released publicly. This is a quick analysis that…

One of my common bugbears with businesses is the idea that a Distributed Denial of Service (DDoS) attack is an incident that should be managed and handled by your Cyber Security Incident Response team. It's not and here is why..... Receiving rubbish traffic to a web server, or any service for that matter, that you stick on the internet is just a part of being online and businesses need to accept this upfront and plan for it. It's no different to planning when you drive a car, you decide on the best route with least traffic and when there is…